Decom the K8s cluster, roll all its jobs into one singular machine
parent
a1d5e94a2e
commit
3f3c7b8392
@ -64,10 +64,10 @@ Test:
|
|||||||
- if [ "$error" -eq 4 ]; then echo "Some hosts were unreachable; masking error"; unset error; fi
|
- if [ "$error" -eq 4 ]; then echo "Some hosts were unreachable; masking error"; unset error; fi
|
||||||
- if [ -n "$error" ]; then echo "Return code $error"; false; fi
|
- if [ -n "$error" ]; then echo "Return code $error"; false; fi
|
||||||
|
|
||||||
Play_Against_PiK8S:
|
Play_Against_Pis:
|
||||||
stage: play
|
stage: play
|
||||||
script:
|
script:
|
||||||
- ansible-playbook -l device_roles_pik8s-master,device_roles_pik8s-node,device_roles_pik8s-storage site.yml --vault-password-file /vaultpw || error="$?"
|
- ansible-playbook -l manufacturers_raspi site.yml --vault-password-file /vaultpw || error="$?"
|
||||||
- if [ "$error" -eq 4 ]; then echo "Some hosts were unreachable; masking error"; unset error; fi
|
- if [ "$error" -eq 4 ]; then echo "Some hosts were unreachable; masking error"; unset error; fi
|
||||||
- if [ -n "$error" ]; then echo "Return code $error"; false; fi
|
- if [ -n "$error" ]; then echo "Return code $error"; false; fi
|
||||||
Play_Against_Desktops:
|
Play_Against_Desktops:
|
||||||
|
@ -260,6 +260,29 @@ secret_snmp_rouser_privacy_passphrase: !vault |
|
|||||||
3764363538636232630a383730323433343239663461373030383132626532306130363965316661
|
3764363538636232630a383730323433343239663461373030383132626532306130363965316661
|
||||||
64353932376139613765303764313463353366663535653135393637633835353566
|
64353932376139613765303764313463353366663535653135393637633835353566
|
||||||
|
|
||||||
|
# For home media stuff
|
||||||
|
secret_transmission_user_pass: !vault |
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
63386231316662313039646435323861343762386135616437613530653932363333353130333232
|
||||||
|
3161383737386631336362313139316433656337396538330a656663336338613533393032663433
|
||||||
|
33346663613731656236666561303530613961363733336261363130646639326361356134386332
|
||||||
|
6335336139346331300a643962653936323135666463343865393162346637616263373636383534
|
||||||
|
39663833613135383761643661373163383138316534333264633835613965616135
|
||||||
|
secret_pia_user: !vault |
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
38343633366234633430356364633634653433633963393332303439613966353438663066633465
|
||||||
|
3333333237306430346633336565613932396564353032660a373462333736343062626135316239
|
||||||
|
65306462643563323565386331373930326231353866626336643533663136353238626663373566
|
||||||
|
3763303637633838660a353362303966633931356538616636363438623165303536663535383764
|
||||||
|
6337
|
||||||
|
secret_pia_pass: !vault |
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
31333661636562386633396130383630383332303662613739393339373134326330373137656531
|
||||||
|
3934636662663265303137346163326461306461356138340a323662313130653539633338303035
|
||||||
|
62313265633338356436393033353438666634363536613266346139666364613238396338363731
|
||||||
|
6633666366353538300a613965633766653332613465326137396562313230343161346162343762
|
||||||
|
37643164663466343166346534303932613763643965623066353336363238643266
|
||||||
|
|
||||||
# For Steam games
|
# For Steam games
|
||||||
steam_username: !vault |
|
steam_username: !vault |
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
@ -1,2 +0,0 @@
|
|||||||
# vim:ft=ansible
|
|
||||||
kubernetes_role: master
|
|
@ -1,2 +0,0 @@
|
|||||||
# vim:ft=ansible
|
|
||||||
kubernetes_role: node
|
|
@ -1,3 +0,0 @@
|
|||||||
# vim:ft=ansible
|
|
||||||
keepalived_state: MASTER
|
|
||||||
keepalived_priority: 50
|
|
@ -1,2 +0,0 @@
|
|||||||
# vim:ft=ansible
|
|
||||||
keepalived_priority: 49
|
|
@ -1,2 +0,0 @@
|
|||||||
# vim:ft=ansible
|
|
||||||
keepalived_priority: 48
|
|
@ -1,2 +0,0 @@
|
|||||||
# vim:ft=ansible
|
|
||||||
keepalived_priority: 47
|
|
@ -1,2 +0,0 @@
|
|||||||
# vim:ft=ansible
|
|
||||||
keepalived_priority: 46
|
|
@ -1,59 +0,0 @@
|
|||||||
#!/usr/bin/env ansible-playbook
|
|
||||||
# vim:ft=ansible:
|
|
||||||
---
|
|
||||||
# k8s
|
|
||||||
- hosts: device_roles_pik8s-master,device_roles_pik8s-node
|
|
||||||
gather_facts: no
|
|
||||||
roles:
|
|
||||||
- role: k8s
|
|
||||||
tags: [ k8s, skip-pull ]
|
|
||||||
- role: backup
|
|
||||||
vars:
|
|
||||||
backup_s3backup_list_extra:
|
|
||||||
- /etc/kubernetes
|
|
||||||
tags: [ k8s, backup ]
|
|
||||||
- hosts: device_roles_pik8s-master
|
|
||||||
gather_facts: no
|
|
||||||
tasks:
|
|
||||||
- name: install openshift
|
|
||||||
pip: name=openshift state=latest
|
|
||||||
tags: [ k8s, packages, pip ]
|
|
||||||
- hosts: device_roles_pik8s-node
|
|
||||||
gather_facts: no
|
|
||||||
roles:
|
|
||||||
- role: keepalived
|
|
||||||
vars:
|
|
||||||
keepalived_stanzas:
|
|
||||||
- name: VI_1
|
|
||||||
state: "{{ keepalived_state | default('BACKUP') }}"
|
|
||||||
interface: eth0
|
|
||||||
virtual_router_id: 51
|
|
||||||
priority: "{{ keepalived_priority }}"
|
|
||||||
advert_int: 1
|
|
||||||
auth_pass: "{{ secret_keepalived_pass }}"
|
|
||||||
vip: "192.168.102.200/16"
|
|
||||||
- name: VI_2
|
|
||||||
state: "{{ keepalived_state | default('BACKUP') }}"
|
|
||||||
interface: eth0
|
|
||||||
virtual_router_id: 52
|
|
||||||
priority: "{{ keepalived_priority }}"
|
|
||||||
advert_int: 1
|
|
||||||
auth_pass: "{{ secret_keepalived_pass }}"
|
|
||||||
vip: "192.168.102.201/16"
|
|
||||||
- name: VI_3
|
|
||||||
state: "{{ keepalived_state | default('BACKUP') }}"
|
|
||||||
interface: eth0
|
|
||||||
virtual_router_id: 53
|
|
||||||
priority: "{{ keepalived_priority }}"
|
|
||||||
advert_int: 1
|
|
||||||
auth_pass: "{{ secret_keepalived_pass }}"
|
|
||||||
vip: "192.168.102.202/16"
|
|
||||||
- name: VI_4
|
|
||||||
state: "{{ keepalived_state | default('BACKUP') }}"
|
|
||||||
interface: eth0
|
|
||||||
virtual_router_id: 54
|
|
||||||
priority: "{{ keepalived_priority }}"
|
|
||||||
advert_int: 1
|
|
||||||
auth_pass: "{{ secret_keepalived_pass }}"
|
|
||||||
vip: "192.168.102.240/16"
|
|
||||||
tags: [ k8s, keepalived ]
|
|
@ -1,19 +1,20 @@
|
|||||||
#!/usr/bin/env ansible-playbook
|
#!/usr/bin/env ansible-playbook
|
||||||
# vim:ft=ansible:
|
# vim:ft=ansible:
|
||||||
---
|
---
|
||||||
# Mass storage Pis
|
# Home media storage Pi
|
||||||
- hosts: device_roles_pik8s-storage
|
- hosts: pi-media-1.desu.ltd
|
||||||
|
module_defaults:
|
||||||
|
docker_container:
|
||||||
|
state: started
|
||||||
|
restart_policy: unless-stopped
|
||||||
|
pull: yes
|
||||||
tasks:
|
tasks:
|
||||||
# The specific mount here is because each storage node as an M.2 SSD hooked up to it
|
|
||||||
# So we mount that and use the SD card for normal OS shenanigans
|
|
||||||
- name: assure mount directory
|
- name: assure mount directory
|
||||||
file: path=/data state=directory mode=0755
|
file: path=/data state=directory mode=0755
|
||||||
tags: [ pis, storage ]
|
tags: [ pis, storage ]
|
||||||
- name: assure mount
|
- name: assure mount
|
||||||
mount: path=/data src=LABEL=mass state=mounted fstype=ext4
|
mount: path=/data src=LABEL=mass state=mounted fstype=ext4
|
||||||
tags: [ pis, storage ]
|
tags: [ pis, storage ]
|
||||||
- hosts: pi-storage-1.desu.ltd
|
|
||||||
tasks:
|
|
||||||
- name: assure directories in mount
|
- name: assure directories in mount
|
||||||
file: path=/data/{{ item }} state=directory mode=0755
|
file: path=/data/{{ item }} state=directory mode=0755
|
||||||
with_items:
|
with_items:
|
||||||
@ -26,15 +27,79 @@
|
|||||||
- { path: /var/lib/postgresql, src: postgresql }
|
- { path: /var/lib/postgresql, src: postgresql }
|
||||||
- { path: /srv/nfs, src: nfs }
|
- { path: /srv/nfs, src: nfs }
|
||||||
tags: [ pis, storage ]
|
tags: [ pis, storage ]
|
||||||
|
- name: ensure docker network
|
||||||
|
docker_network: name=web
|
||||||
|
tags: [ docker ]
|
||||||
|
- name: ensure docker nginx config
|
||||||
|
copy:
|
||||||
|
dest: /data/nginx/conf.d/vhosts.conf
|
||||||
|
mode: "0644"
|
||||||
|
content: |
|
||||||
|
server {
|
||||||
|
listen 80 default_server;
|
||||||
|
server_name transmission.local.desu.ltd;
|
||||||
|
location / {
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_pass http://transmission:9091;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
server_name jackett.local.desu.ltd;
|
||||||
|
location / {
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_pass http://jackett:9117;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
server_name sonarr.local.desu.ltd;
|
||||||
|
location / {
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_pass http://sonarr:8989;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
server_name radarr.local.desu.ltd;
|
||||||
|
location / {
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Connection $http_connection;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_pass http://radarr:7878;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
tags: [ docker, ingress ]
|
||||||
|
- name: include tasks for apps
|
||||||
|
include_tasks: tasks/app/{{ task }}
|
||||||
|
with_items:
|
||||||
|
- redis.yml
|
||||||
|
loop_control:
|
||||||
|
loop_var: task
|
||||||
|
tags: [ always ]
|
||||||
|
- name: include tasks for web services
|
||||||
|
include_tasks: tasks/web/{{ task }}
|
||||||
|
with_items:
|
||||||
|
- transmission.yml
|
||||||
|
- jackett.yml
|
||||||
|
- sonarr.yml
|
||||||
|
- radarr.yml
|
||||||
|
- ingress-insecure.yml
|
||||||
|
loop_control:
|
||||||
|
loop_var: task
|
||||||
|
tags: [ always ]
|
||||||
roles:
|
roles:
|
||||||
- role: backup
|
- role: backup
|
||||||
vars:
|
vars:
|
||||||
backup_s3backup_list_extra:
|
backup_s3backup_list_extra:
|
||||||
- /srv/nfs/k8s/default/web-9iron-pvc
|
- /data/transmisson
|
||||||
- /srv/nfs/k8s/default/web-grafana-pvc
|
- /data/jackett
|
||||||
- /srv/nfs/k8s/default/web-jackett-config-pvc
|
- /data/sonarr
|
||||||
- /srv/nfs/k8s/default/web-netbox-pvc
|
|
||||||
- /srv/nfs/k8s/default/web-transmission-config-pvc
|
|
||||||
backup_time: "Mon *-*-* 02:00:00"
|
backup_time: "Mon *-*-* 02:00:00"
|
||||||
tags: [ backup ]
|
tags: [ backup ]
|
||||||
- role: postgresql
|
- role: postgresql
|
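Review bot: The new `backup_s3backup_list_extra` entry `/data/transmisson` is misspelled; the transmission task added in this commit mounts `/data/transmission/config`, so the backup role is handed a path that presumably does not exist and Transmission's state is never backed up. It should read `- /data/transmission`. `/data/radarr` is also missing from the list although radarr keeps its config under `/data/radarr/config`; add `- /data/radarr` unless that was deliberate. Separately, the generated vhosts.conf marks the Transmission vhost `default_server`, so any request on port 80 with an unmatched Host header lands on that UI; a catch-all `server` block that only does `return 444;` would be a safer default.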
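--- a/playbooks/tasks/web/ingress-insecure.yml
+++ b/playbooks/tasks/web/ingress-insecure.yml
@@ -0,0 +1,13 @@
+# vim:ft=ansible:
+- name: docker deploy nginx proxy
+docker_container:
+name: ingress
+image: nginx:latest
+networks:
+- name: web
+aliases: [ "ingress" ]
+ports:
+- "80:80"
+volumes:
+- /data/nginx/conf.d:/etc/nginx/conf.d
+tags: [ docker, ingress ]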
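Review bot: `image: nginx:latest` is unpinned, and the play that includes this file sets `pull: yes` as a `docker_container` module default, so every playbook run can replace the running proxy with whatever the registry currently serves under that tag. Pin a version tag or digest (placeholder: `image: nginx:<VERSION>`); the same applies to the `:latest` images in jackett.yml, radarr.yml, sonarr.yml and transmission.yml, the last of which runs with `NET_ADMIN`. The config mount can be read-only, `- /data/nginx/conf.d:/etc/nginx/conf.d:ro`, since the container only needs to read it. `- "80:80"` publishes on every host interface; if the host has more than one, binding to the LAN address narrows who can reach the proxied admin UIs.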
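--- a/playbooks/tasks/web/jackett.yml
+++ b/playbooks/tasks/web/jackett.yml
@@ -0,0 +1,13 @@
+# vim:ft=ansible:
+- name: docker deploy jackett
+docker_container:
+name: jackett
+image: linuxserver/jackett:latest
+env:
+AUTO_UPDATE: "false"
+networks:
+- name: web
+aliases: [ "jackett" ]
+volumes:
+- /data/jackett/config:/config
+tags: [ docker, jackett ]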
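--- a/playbooks/tasks/web/radarr.yml
+++ b/playbooks/tasks/web/radarr.yml
@@ -0,0 +1,13 @@
+# vim:ft=ansible:
+- name: docker deploy radarr
+docker_container:
+name: radarr
+image: linuxserver/radarr:latest
+networks:
+- name: web
+aliases: [ "radarr" ]
+volumes:
+- /data/radarr/config:/config
+- /data/shared/downloads:/data
+- /data/shared/media:/tv
+tags: [ docker, radarr ]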
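--- a/playbooks/tasks/web/sonarr.yml
+++ b/playbooks/tasks/web/sonarr.yml
@@ -0,0 +1,13 @@
+# vim:ft=ansible:
+- name: docker deploy sonarr
+docker_container:
+name: sonarr
+image: linuxserver/sonarr:latest
+networks:
+- name: web
+aliases: [ "sonarr" ]
+volumes:
+- /data/sonarr/config:/config
+- /data/shared/downloads:/data
+- /data/shared/media:/tv
+tags: [ docker, sonarr ]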
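--- a/playbooks/tasks/web/transmission.yml
+++ b/playbooks/tasks/web/transmission.yml
@@ -0,0 +1,26 @@
+# vim:ft=ansible:
+- name: docker deploy transmission
+docker_container:
+name: transmission
+image: haugene/transmission-openvpn:latest
+env:
+USER: transmission
+PASS: "{{ secret_transmission_user_pass }}"
+OPENVPN_PROVIDER: PIA
+OPENVPN_CONFIG: france
+OPENVPN_USERNAME: "{{ secret_pia_user }}"
+OPENVPN_PASSWORD: "{{ secret_pia_pass }}"
+LOCAL_NETWORK: 192.168.0.0/16
+capabilities:
+- NET_ADMIN
+ports:
+- 51413:51413/tcp
+- 51413:51413/udp
+networks:
+- name: web
+aliases: [ "transmission" ]
+volumes:
+- /data/transmission/config:/config
+- /data/shared/downloads:/data
+- /data/transmission/watch:/watch
+tags: [ docker, transmission ]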
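Review bot: `USER` and `PASS` are, as far as I know, the variable names of the linuxserver/transmission image; haugene/transmission-openvpn documents `TRANSMISSION_RPC_USERNAME`, `TRANSMISSION_RPC_PASSWORD` and `TRANSMISSION_RPC_AUTHENTICATION_REQUIRED` instead, so the RPC/web UI may start without authentication even though `secret_transmission_user_pass` is set — please verify against the image's documentation. That matters because the nginx config written by the including playbook proxies this UI on port 80 as the default vhost. The task also renders three vault secrets into `env`; adding `no_log: true` to the task keeps them out of verbose or diff output in the CI job log.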
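--- a/site.yml
+++ b/site.yml
@@ -10,10 +10,8 @@
 - import_playbook: playbooks/tags_zerotier.yml
 - import_playbook: playbooks/tags_snmp.yml
 - import_playbook: playbooks/tags_nagios.yml
-# Device roles
-- import_playbook: playbooks/device_roles_pik8s-storage.yml
-- import_playbook: playbooks/device_roles_pik8s.yml
-- import_playbook: playbooks/device_roles_workstation.yml
+# Home configuration
+- import_playbook: playbooks/home_media.yml
 # Production configuration
 - import_playbook: playbooks/prod_db.yml
 - import_playbook: playbooks/prod_web.yml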
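Review bot: The removal of `- import_playbook: playbooks/device_roles_workstation.yml` does not follow from the commit message, which only covers decommissioning the K8s cluster, and the CI file in this same commit still shows a `Play_Against_Desktops` job as context. Unless that playbook is imported somewhere outside this hunk, workstation configuration will no longer be applied by `site.yml`, and the desktop job would run with nothing to enforce. If workstations are still managed, keep the line `- import_playbook: playbooks/device_roles_workstation.yml`; if the removal is intended, the commit message should say so.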